Find attack source or replace the higher performance equipment to against attacks. If the attack source or destination is fixed, can through configuring packet filtering to block message or add to the destination black-hole routing.
1.To ensure the p2p effect, try to reduce the number of message detection, close the global p2p function, only can in specific inter-domain to limit.
2. If the address pool address is firewall interface IP, then close the packet filtering from the extranet to the NAT address pool;
3. If the address pool address is not interface address, need to configure the routing next hop as NULL 0 to address pool address.
4.Configure routing to NULL 0; Configure packet filtering forbid broadcast packet, and find broadcast packet source, reduce the sending packet number.
5.The live network flow is large and reaches the firewall performance, can replace the firewall having higher performance.
6.Open the acl acceleration, to check whether there is a decrease in the CPU.